Wired Intelligent Edge

Does anyone know all the option available for this? For example whitelisting using a specified certificate? We use the factory-cert option when whitelisting, and see that specific option is not mentioned above.

Thanks.

Hi,

I use this.

whitelist-db cpsec add mac-address ##:##:##:##:##:## ap-group APGROUP001 AP-name AP001 description FirstFloor

You can use the following : 

(host) [mynode] (config) #whitelist-db cpsec add mac-address <address>
ap-group <ap_group>
ap-name <ap_name>
description <description>

---

@Blake. wrote:

Does anyone know all the option available for this? For example whitelisting using a specified certificate? We use the factory-cert option when whitelisting, and see that specific option is not mentioned above.

 

Thanks.

---

What are you trying to do?  

Below is a really useful link sent out by Aruba support.

It lists all options and formats for maintaining the various whitelists and very useful for initial deployment and maintaining the wireless environment.

https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Control_Plane/Whitelists_on_Campus_and_Remote_APs.htm

If one is deploying Aruba APs utilizing the ZTP(Zero Touch Provisioning) scenario, then one would want to include the AP Group within the Whitelist for obvious reasons.  We have deployed many AP's at a time and had them come online, find the controller, upgrade firmware, named and broadcasting their wireless networks within as little as 10-12 mins per AP, by simply plugging them into the configured network.

***Note: one must utilize the "activate.arubanetworks.com" web portal to move an IAP(Instant AP) to CAP(Campus AP) mode and find their respective controller.  This is a key component of the ZTP process, and some wireless consultants don't realize this.

Keep in mind, as one creates more AP Groups and provisions an existing AP to another group, then if the AP is powered off/on it will revert back to the original AP Group as defined within the Whitelist.  Therefore, it is best to use the Web or CLI to change the Whitelist's AP Group to -None- or the new AP Group for the longterm management of APs.

For our preferences, the most convenient way of doing this is through the CLI mode.

Example:

whitelist-db cpsec modify mac-address 80:8d:b7:cd:1a:32 ap-group " "

The Whitelist then will be updated as such within the configuration.

If one leaves the AP Group out from the start, then one can utilize the AP Provisioning Rules for the group assignments.  However, I found these to be rigid at times and not a good long-term solution for provisioning as it relates to our network configuration.  (I would suggest to Aruba to include the AP Name as one of the available attributes for the Conditions.)

If I have missed something or someone needs further details, please let me know and I would be glad to help out as time permits.  I would not have been as successful with our deployment, if not for all the time and support of Aruba's excellent support engineers and this community.
Regards,
Dan Robinson